Sean Barnum
Information Security Principal
The MITRE Corporation
McLean, VA

Enabling Effective Cyber Threat Intelligence and Information Sharing

Abstract:  The world is currently experiencing a paradigm shift in cyber security. The scope, scale, complexity and growth of the evolving threat landscape and the risk it poses are causing an awakening where cyber security issues are a common topic of discourse for even non-security people reaching to the highest levels of government, industry and the international community. Along with this recognition of the criticality of cyber security is a recognition that the traditional approach to security based on an inward-focused understanding of our own vulnerability must be balanced with a clear outward-focused understanding of the adversaries we face and the risks they pose in order to make intelligent defensive decisions. This realization is driving a strong move towards a threat-informed security approach based on cyber threat intelligence and information sharing. In support of enabling such intelligence and sharing activities, the US Department of Homeland Security is sponsoring several open international community efforts to develop structured representations for the various forms of cyber threat-related information. The primary umbrella effort for this is the Structured Threat Information eXpression (STIX). STIX is an structured information framework for holistic cyber threat intelligence with an architecture including constructs for Observables, Indicators, Incidents, TTP, Exploit Targets, Campaigns, Threat Actors and Courses of Action. This session will discuss the STIX effort, its current status, its rapidly evolving base of interest/support/adoption and its likely path forward.

Biography:  Sean Barnum is an Information Security Principal at The MITRE Corporation where he acts as a senior advisor to US government and industry, often acting as technical architect and community leader for various information security knowledge structuring efforts including STIX, CybOX, TAXII, CAPEC, MAEC, CWE, and SAFES among others. He has a broad base of over 25 years of experience in the software & technology industry. He is a frequent contributor, speaker, trainer and author on information security topics. He is coauthor of the book “Software Security Engineering: A Guide for Project Managers” and is involved in the information security related standards efforts of ISO, OMG and IETF, among other international standards bodies.